SANS Digital Forensics and Incident Response Blog

The WhatWorks in Forensics and Incident Response Summit 2009

The panels for the Forensic and Incident Response Summit have been posted. Each panelist will help answer these critical questions and present their answers to the audience. Then the attendees will be able to ask their own questions to the panel via a question and answer session. The panels are one of the many great reasons to attend the 2009 Forensic/IR Summit.

Some Panel Questions for the Working with Law Enforcement Panel to be asked at the Summit

What is the biggest challenge facing law enforcement in digital forensics? How would you overcome this challenge?

Why law-enforcement-only tools/techniques/knowledge? Do you agree with this reasoning? Why?

Where would you recommend a civilian digital investigator go in order to meet their law enforcement counterparts? Is it effective? Are there any recommended groups/lists/email boards/etc. where you can interact with each other?

What technical skill have you learned over the past year that has changed the way you approach your cases? Why?

What software do you routinely use working with cases? Why was it useful and is this capability found in other competing software products?

User Panel: Forensic Challenges from the Court Room

Panelists will tell you the challenges faced when preparing for and during courtroom litigation involving computer forensics, incident response, and e-discovery. They will discuss common myths found in the courtroom. They will discuss critical steps every investigator must know. They will tell you what works and what does not work in and out of the courtroom by sharing the lessons each of them has learned.

Some Panel Questions for the Forensic Challenges from the Court Room Panel to be asked at the Summit

Should I become a licensed private investigator in my state even if my state does not have a specific law telling me to do so? Why or why not?

What is the biggest challenge an investigator presenting evidence will have in a courtroom in 2009? How do you overcome it?

If you were working the defense on a case, what would your basic strategy be to create doubt in the plaintiff's digital evidence?

I am working a case and the opposing counsel states that some other dude did it (SODDI) or that a Trojan/malware did it (the Trojan defense). What strategy would you recommend to me that could help to combat this in court?

"Forensics is a lot more than just imaging a drive." - Joseph Fresch, Guaranty Bank

"This course is filling in the blanks in my knowledge of how some things work. It is nice to know what the tools are doing." - Douglas Couch, Purdue University

"A great course on timeline, registry, and restore point forensics. SANS is continuing to be the leader on teaching new techniques happening with forensics." - Brad Garnett, Gibson County Sheriff's Dept.